Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2009
Narrowing The Compromise-To-Discovery Breach Time Line
Commentary  |  11/20/2009  | 
Security professionals are intrigued by the fact that for approximately half of the data breach cases Verizon Business works, the victim doesn't realize there's a problem until more than six months after the incident occurred. Another stunning fact: More than two-thirds of incidents we work are discovered by a third party.
Scrutinizing The White House Cyberspace Policy Review
Commentary  |  11/20/2009  | 
A lot was expected of the White House Cyberspace Policy Review, but like in previous cases, disappointment is what we find.
Tech Insight: 3 Factors To Assess Before Doing Your Own Penetration Testing
News  |  11/20/2009  | 
What you need to know about bringing penetration testing in-house
Proposed Law Seeks To Ban P2P Networks By Federal Workers
News  |  11/20/2009  | 
Under the Secure Federal File Sharing Act, an agency head or CIO would have to make a special request to use P2P software
Cryptographic Voting System Runs First Election
News  |  11/20/2009  | 
Scantegrity II is an open-source election verification technology that uses privacy-preserving confirmation numbers to ensure each vote is counted
Two Ways To Encrypt Your Database
Commentary  |  11/20/2009  | 
File/operating system-level encryption is actually implemented outside the database engine -- but it's still a form of database encryption. And it's referred to as "transparent" encryption because it doesn't require any changes to the database or the calling application.
ENISA Offers Security Recommendations For Cloud Services
News  |  11/19/2009  | 
New report outlines benefits and risks, offers guidelines for choosing providers
Product Watch: Ksplice Wins Global Cybersecurity Challenge
News  |  11/19/2009  | 
Startup recognized for software that delivers Linux security updates without a reboot
In-Q-Tel Joins Forces With FireEye To Fight Cyberthreats
News  |  11/19/2009  | 
FireEye sells an out-of-band security appliance that monitors all inbound network traffic
Firefox 3.6 Beta 3 Debuts
News  |  11/19/2009  | 
Mozilla made a structural change that aims to improve the browser's stability
New IBM Database Flaw Could Affect Several Other Vendors' Products
News  |  11/19/2009  | 
Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView
So Much Data, So Little Encryption
News  |  11/19/2009  | 
We surveyed almost 500 business technology professionals and found little end-to-end encryption use. Instead, we're doing only what auditors demand.
Federal Agencies: Online Collaboration, Cyber Terrorism, Mobility, Web 2.0 Their Biggest Security Threats
Quick Hits  |  11/19/2009  | 
New survey by Ponemon Institute also finds more than one-third of agencies have suffered one or more hacks in the past 12 months
FAA Resolves Flight Plan System Failure
News  |  11/19/2009  | 
Air traffic controllers had to enter flight plan information manually Thursday morning, delaying some East Coast flights.
Lessons Learned From PCI Compliance
News  |  11/19/2009  | 
Assessors reveal mistakes companies make with data security standard.
Credit Card Processors Getting Encryption Religion
News  |  11/19/2009  | 
Top providers are touting new services. Yet many businesses that accept credit cards aren't ready for end-to-end encryption.
Phishers Target Apple Customers In New Attack
Commentary  |  11/18/2009  | 
While OS X is targeted by far fewer viruses than other operating systems, that's not stopping fraudsters from trying to hit Mac users with fraud.
Penetration Testing Grows Up
News  |  11/18/2009  | 
Metasploit's expected entry into the commercial penetration testing market is the latest step toward making pen testing more mainstream
T-Mobile: Employee Data Theft Leads To U.K.'s Largest Data Breach
News  |  11/18/2009  | 
Employee sold millions of customer records to data brokers, reports say
The Perfect Holiday Gift For Any Security Pro: A Bruce Schneier Action Figure
Quick Hits  |  11/18/2009  | 
For $89, one of the industry's best-known experts will sit on your desk
Product Watch: Fortinet Issues An IPO
News  |  11/18/2009  | 
Security appliance, UTM vendor goes public
Push-Button Forensics
Commentary  |  11/18/2009  | 
Digital forensics, computer forensics, or whatever you want to call the investigation and analysis of computer systems and digital media, is a challenging field that requires deep knowledge of the systems being analyzed. There is a push, however, to lower the barrier to entry for lesser skilled analysts to perform digital forensics using modern forensic tools.
McAfee Releases Cybercrime Report
News  |  11/18/2009  | 
Fifth Annual Virtual Criminology report covers a variety of longstanding cybersecurity problems
Survey: Patient Data At Risk From Healthcare Partners
News  |  11/18/2009  | 
About a third of healthcare business associates are not aware they need to comply with HIPAA's security and privacy provisions
In-Q-Tel Invests In Cybersecurity Company
News  |  11/18/2009  | 
The venture arm of the U.S. intelligence community, In-Q-Tel, has invested an unknown sum in FireEye, which sells a cybersecurity appliance.
Don't Just Manage Your Data -- Know it
Commentary  |  11/18/2009  | 
There are countless ways to manage data available to the storage manager today but most of these solutions look at data as a problem. Few take an asset view of data, understanding that it is something to be cultivated and leveraged for future use. Storage managers should do more than just manage their data, they should know it.
NSA Iraqi Computer Attacks And U.S. Defense
Commentary  |  11/18/2009  | 
A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were supposedly used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however.
T-Mobile Says Employees Sold Customer Data
News  |  11/17/2009  | 
A report issued by the U.K. Information Commission's Office calls for action against the unlawful sale of personal data.
Startup Promises 'Disruptive,' Hardware-Based Endpoint Security Solution
News  |  11/17/2009  | 
InZero box creates 'sandbox' that quarantines malware from PC, inventors say
Product Watch: Microsoft Unveils Windows Identity Foundation
News  |  11/17/2009  | 
New .NET tool, Azure cloud computing platform announced today
Senate Hears Testimony From Federal Cybersecurity Pros
News  |  11/17/2009  | 
National Cyber Incident Response plan should be ready by December or January
How To Hack A Brazilian Power Company
Commentary  |  11/17/2009  | 
The recent "60 Minutes" story claiming hackers had caused power outages in Brazil was (likely) bogus, but that doesn't mean hackers can't do this. The story got widespread coverage in the Brazilian press, which meant hackers there were suddenly interested in the subject. And just days later, chatter appeared on Brazilian hacker Websites expressing interest in ONS, the Website of Brazil's national power grid operator.
New Metasploit Version Released
News  |  11/17/2009  | 
Version 3.3 is faster and includes support for Windows 7
Healthcare Affiliates Unprepared For Data Breaches
News  |  11/17/2009  | 
Patient privacy is at risk from the companies that healthcare providers do business with, study says.
Free SMB Firewall Offered By Astaro
Commentary  |  11/17/2009  | 
Security firm Astaro is offering free firewalls to small and midsized businesses starting today. Too good to be true? Maybe not.
National Cyber Incident Response Plan Coming
News  |  11/17/2009  | 
FBI, Homeland Security, and Justice Department officials drop hints of future cybersecurity policy and projects at a Senate hearing.
Big-Name Vendors Team On Disaster Preparedness, Recovery
News  |  11/17/2009  | 
IT can play a major role in boosting the effectiveness of response efforts, say alliance sponsors that include Microsoft, Google, Yahoo
Only Half Of CEOs Strongly Support Data Security Efforts
Quick Hits  |  11/17/2009  | 
New Ponemon study finds lack of executive buy-in for security, disconnects between IT and security, and U.S. firms less confident of their data security
Most Security Products Fail Initial Certification Tests
News  |  11/16/2009  | 
A study based on the testing of thousands of security products over 20 years finds that most require several rounds of testing before achieving certification.
Most Security Products Don't Initially Work As Intended, Study Says
News  |  11/16/2009  | 
In certification tests, many products fail in functionality or logging, ICSA/Verizon reports
D.A. Davidson Breach Case Nears Resolution
Quick Hits  |  11/16/2009  | 
Judge approves settlement of lawsuit; three Latvian suspects extradited
Myth-Busting: Quelling 7 Cloud Computing Fears
News  |  11/16/2009  | 
Concerned about data privacy and single points of failure, among other cloud worries? Get ready to put your fears to rest
There's More To Pen Tests Than Just Breaking In
Commentary  |  11/16/2009  | 
I have a love/hate relationship with Twitter. Sometimes it seems like there's nothing but garbage on there. But on other days, the wealth of information is so much better than what's in my RSS reader.
Storage As A Virtual Machine Part Two - Details
Commentary  |  11/16/2009  | 
As we dive deeper into the storage as a virtual machine concept we went back and re-interviewed some of the players in the storage as a virtual machine market, focusing specifically on what they provide. The first two conversations were with DataCore and HP. We will cover more suppliers as the series unfolds.
Conn. AG Investigates Blue Cross Blue Shield Data Breach
News  |  11/16/2009  | 
BC/BS and its related companies Anthem and Empire failed to inform health care providers until late last month, says Connecticut Attorney General Richard Blumenthal
Does New Microsoft Patent Infringe On Unix Program Sudo?
News  |  11/16/2009  | 
Some in the open source community suspicious of Microsoft's intent
The Web Application Security New Top 10 Risks
Commentary  |  11/15/2009  | 
With a focus on risks, rather than only ranking software vulnerabilities, the Open Web Application Security Project (OWASP) has made a significant - and welcome - change in how the organization rates Web application security weaknesses.
DNSSEC Rollout Gains Traction
News  |  11/15/2009  | 
VeriSign updates its plans for .com and .net DNSSEC adoption, and new survey from Infoblox shows DNSSEC getting a big bump over the past year
Never Underestimate The Power Of A Botnet
Commentary  |  11/14/2009  | 
A deputy director at the Office of Cyber Security in the Cabinet Office in the U.K. said in a recent Home Affairs Committee meeting that botnets are not a big risk for debilitating attacks against the government's networks, but are more likely to be used as a tool to extort money.